dohertj2/mxaccess
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4ff511bbed665fdc763ecb9602000b1b72ca1f29
mxaccess/analysis/decompiled/aaServicesCommonDataContracts/ArchestrAServices.Contract/SamlClaimsCheck.cs
T
Joseph Doherty fe2a6db786
rust / build / test / clippy / fmt (push) Has been cancelled
Details
Initial project state: .NET reference, design, Rust port (M0+M1), evidence 
Layout:
- src/                    .NET 10 x64 reference: MxNativeCodec, MxNativeClient,
                          MxAsbClient, probes, tests, harnesses. Executable spec.
- design/                 Architectural plan for the Rust port (M0–M6), error
                          model, protocol invariants, risks (R1–R16), adversarial
                          review log (review.md).
- rust/                   Rust workspace. M0 skeleton + M1 codec parity.
                          mxaccess-codec: 215 unit tests + 2 cross-implementation
                          parity tests (byte-identical against .NET reference).
                          Other crates are M0 stubs awaiting M2+.
- captures/               Frida + netsh + pcap evidence per CLAUDE.md
                          ("captures are evidence, not throwaway logs").
- analysis/               Decompiled C# (frida/proxy/decompiled-*),
                          Ghidra exports for native DLLs (`exports/` only —
                          working state at `projects/` and AVEVA's input
                          binaries at `input/` are gitignored).
- docs/                   Reverse-engineering reference docs.
- tools/                  Setup-LiveProbeEnv.ps1 (Infisical credential fetcher),
                          Compute-Crc.ps1 (.NET parity helper).
- .github/workflows/      Rust CI: fmt + build + test + clippy on Windows.
- LICENSE                 MIT (Joseph Doherty, 2026).

Verified:
- cargo test --workspace → 217 passed (215 unit + 2 .NET parity), 0 failed
- cargo clippy --workspace -- -D warnings → clean
- cargo fmt --all -- --check → clean
- cargo publish --dry-run -p mxaccess-codec → packages cleanly

Excluded from history (see .gitignore):
- **/bin, **/obj, **/target — build artifacts
- analysis/ghidra/projects/ — Ghidra working state (regenerable)
- analysis/ghidra/input/ — AVEVA proprietary DLLs (vendor IP)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 06:21:00 -04:00

152 lines
5.5 KiB
C#
Raw Blame History

#define TRACE
using System.Collections.Generic;
using System.Diagnostics;
using System.Globalization;
using System.IdentityModel.Claims;
using System.IdentityModel.Tokens;
using System.Linq;
using ArchestrAServices.Common;
namespace ArchestrAServices.Contract;
public class SamlClaimsCheck
{
public static bool CheckSamlTokenForAttributeClaim(SamlSecurityToken SamlToken, string ClaimValue)
{
if (SamlToken == null)
{
SvcTrace.DiagException.TraceEvent(TraceEventType.Error, 0, "CheckSamlTokenForAttributeClaim: SamlToken cannot be null");
return false;
}
if (string.IsNullOrEmpty(ClaimValue))
{
SvcTrace.DiagException.TraceEvent(TraceEventType.Error, 0, "CheckSamlTokenForAttributeClaim: ClaimValue cannot be null or empty");
return false;
}
SvcTrace.DiagDiagnostics.TraceEvent(TraceEventType.Information, 0, string.Format(CultureInfo.CurrentCulture, "SAML assertion contains {0} statements", new object[1] { SamlToken.Assertion.Statements.Count() }));
foreach (SamlStatement statement in SamlToken.Assertion.Statements)
{
if (!(statement is SamlAttributeStatement))
{
continue;
}
SamlAttributeStatement samlAttributeStatement = statement as SamlAttributeStatement;
SvcTrace.DiagDiagnostics.TraceEvent(TraceEventType.Information, 0, string.Format(CultureInfo.CurrentCulture, "SamlAttributeStatement has {0} attributes", new object[1] { samlAttributeStatement.Attributes.Count() }));
foreach (SamlAttribute attribute in samlAttributeStatement.Attributes)
{
SvcTrace.DiagDiagnostics.TraceEvent(TraceEventType.Information, 0, string.Format(CultureInfo.CurrentCulture, "Attribute '{0}' has {1} claims", new object[2]
{
attribute.Name,
attribute.ExtractClaims().Count()
}));
foreach (Claim item in attribute.ExtractClaims())
{
SvcTrace.DiagDiagnostics.TraceEvent(TraceEventType.Information, 0, string.Format(CultureInfo.CurrentCulture, "Claim type '{0}', Right: '{1}'", new object[2] { item.ClaimType, item.Right }));
}
SvcTrace.DiagDiagnostics.TraceEvent(TraceEventType.Information, 0, string.Format(CultureInfo.CurrentCulture, "Attribute '{0}' has {1} values", new object[2]
{
attribute.Name,
attribute.AttributeValues.Count()
}));
foreach (string attributeValue in attribute.AttributeValues)
{
SvcTrace.DiagDiagnostics.TraceEvent(TraceEventType.Information, 0, string.Format(CultureInfo.CurrentCulture, "Value: '{0}'", new object[1] { attributeValue }));
if (attributeValue == ClaimValue)
{
return true;
}
}
}
}
return false;
}
public static List<string> ExtractAllAttributeClaims(SamlSecurityToken SamlToken)
{
return ExtractAllAttributeClaims(SamlToken);
}
public static List<string> ExtractAllAttributeClaims(SamlSecurityToken SamlToken, string AttributeName)
{
List<string> list = new List<string>();
if (SamlToken == null)
{
SvcTrace.DiagException.TraceEvent(TraceEventType.Error, 0, "ExtractAllAttributeClaims: SamlToken cannot be null");
return list;
}
SvcTrace.DiagDiagnostics.TraceEvent(TraceEventType.Information, 0, string.Format(CultureInfo.CurrentCulture, "ExtractAllAttributeClaims extracting '{0}' attributes", new object[1] { AttributeName }));
foreach (SamlStatement statement in SamlToken.Assertion.Statements)
{
if (!(statement is SamlAttributeStatement))
{
continue;
}
foreach (SamlAttribute attribute in (statement as SamlAttributeStatement).Attributes)
{
if (!string.IsNullOrEmpty(AttributeName) && !(attribute.Name == AttributeName))
{
continue;
}
foreach (Claim item in attribute.ExtractClaims())
{
if (!(item.ClaimType == ClaimTypes.Name) || !(item.Right == Rights.PossessProperty))
{
continue;
}
foreach (string attributeValue in attribute.AttributeValues)
{
SvcTrace.DiagDiagnostics.TraceEvent(TraceEventType.Information, 0, string.Format(CultureInfo.CurrentCulture, "Adding '{0} attribute's value '{1}' to return list", new object[2] { attribute.Name, attributeValue }));
list.Add(attributeValue);
}
}
}
}
return list;
}
public static bool CheckSamlTokenForAuthenticationClaim(SamlSecurityToken SamlToken, string ClaimValue)
{
if (SamlToken == null)
{
SvcTrace.DiagException.TraceEvent(TraceEventType.Error, 0, "CheckSamlTokenForAuthenticationClaim: SamlToken cannot be null");
return false;
}
if (string.IsNullOrEmpty(ClaimValue))
{
SvcTrace.DiagException.TraceEvent(TraceEventType.Error, 0, "CheckSamlTokenForAuthenticationClaim: ClaimValue cannot be null or empty");
return false;
}
return false;
}
public static bool CheckSamlTokenForAuthorizationClaim(SamlSecurityToken SamlToken, string ClaimValue)
{
if (SamlToken == null)
{
SvcTrace.DiagException.TraceEvent(TraceEventType.Error, 0, "CheckSamlTokenForAuthorizationClaim: SamlToken cannot be null");
return false;
}
if (string.IsNullOrEmpty(ClaimValue))
{
SvcTrace.DiagException.TraceEvent(TraceEventType.Error, 0, "CheckSamlTokenForAuthorizationClaim: ClaimValue cannot be null or empty");
return false;
}
return false;
}
public static bool CheckSamlTokenForSubjectClaim(SamlSecurityToken SamlToken, string ClaimValue)
{
if (SamlToken == null)
{
SvcTrace.DiagException.TraceEvent(TraceEventType.Error, 0, "CheckSamlTokenForSubjectClaim: SamlToken cannot be null");
return false;
}
if (string.IsNullOrEmpty(ClaimValue))
{
SvcTrace.DiagException.TraceEvent(TraceEventType.Error, 0, "CheckSamlTokenForSubjectClaim: ClaimValue cannot be null or empty");
return false;
}
return false;
}
}
Reference in New Issue View Git Blame Copy Permalink